﻿using System;
using System.Configuration;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.Common;
using System.Data.SqlClient;
using mojoPortal.Web.RS.AppCode.Lib;

namespace mojoPortal.Web.Secure
{
    public partial class Login : System.Web.UI.Page
    {

        protected void Page_Load(object sender, EventArgs e)
        {

        }
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            string username = txtUserName.Text;
            string password = txtPassword.Text;

            if (GetSiteUserCredential(username, password))
            {
                Session["USER_NAME"] = username;
                Session["PASSWORD"] = password;
                Response.Redirect("~/RS/SBM/RSHome.aspx");
            }
            else
            {
                Session["USER_NAME"] = null;
                Session["PASSWORD"] = null;
                lblMessage.Text = "Login Failed.";
            }
        }
        protected bool GetSiteUserCredential(string username, string password)
        {
            bool retvalue = false;

            String strSQL = "SELECT EmployeeId,CompanyId FROM rs_tblEmployee where username=@username and password=@password and isactive=1 and enablelogin=1";
            SqlCommand myCommand;
            SqlParameter param;
            SqlConnection myConnection;
            myConnection = new SqlConnection(ConfigurationManager.ConnectionStrings[RSCommonFunctions.GetRSCompanyConnectionString()].ToString());
            myCommand = new SqlCommand(strSQL, myConnection);
            SqlDataReader myDataReader;

            param = new SqlParameter();
            param.SqlDbType = SqlDbType.NVarChar;
            param.ParameterName = "@username";
            param.Value = username;
            myCommand.Parameters.Add(param);

            param = new SqlParameter();
            param.SqlDbType = SqlDbType.NVarChar;
            param.ParameterName = "@password";
            param.Value = password;
            myCommand.Parameters.Add(param);

            myConnection.Open();
            myDataReader = myCommand.ExecuteReader(CommandBehavior.CloseConnection);
            if (myDataReader.HasRows)
            {
                retvalue = true;
            }
            myConnection.Close();
            return retvalue;
        }

    }
}